how to use wireshark with port mirroring

asked 2019-06-24 11:48:00 +0000

Ben van de Put gravatar image

I want to make a wireshark trace on a PC connected to a mirror port of a switch but I see a lot of Resets and redirects due to this wireshark PC.

I just want to make a logging showing IP traffic on the original port that is mirrored to the mirror port. Do I have to do some special setting in Wireshark?

edit retag flag offensive close merge delete


What makes you think this is because of 'this Wireshark PC'?

Jaap gravatar imageJaap ( 2019-06-24 12:27:08 +0000 )edit

What kind of port mirroring are you using? Can you post a PCAP on a public share? There are certain mirrors that encapsulate the traffic in another layer of UDP and IP. The PC might react to this traffic and make you think it's RST and redirects.

Spooky gravatar imageSpooky ( 2019-06-25 16:05:31 +0000 )edit

I am not sure about coding.

parishy gravatar imageparishy ( 2019-07-02 08:11:01 +0000 )edit